EHRS-FM IG

ISO/HL7 10781 - Electronic Health Record System Functional Model, Release 2.1
0.16.0 - CI Build

Publish Box goes here

Requirements: AS.2.6 Manage Patient Privacy Consent Directives (Function)

Active as of 2024-08-12
Statement N:

Provide the ability to record and manage patient-specific privacy consent directive consistent with privacy policies.

Description I:

The system enables the management of information access to support privacy policies. These policies allow patients to stipulate specific privacy preferences as a privacy consent directive. The consent may be issued for a specific disclosure, for a period of time, or until it is explicitly revoked. This function depends on infrastructure to enforce the privacy consent and any associated privacy policies using a combination of access control, secure messaging, secure data routing, and data segmentation.

Criteria N:
AS.2.6#01 SHOULD

The system SHOULD provide the ability to manage the privacy preferences of patients (e.g., opt-in with exceptions, opt-out with exceptions, opt-in, opt-out) in their privacy consent directive.

AS.2.6#02 SHOULD

The system SHOULD provide the ability to capture the patient's preferences regarding providers who are permitted to access, or explicitly excluded from accessing, the patient's information.

AS.2.6#03 SHOULD

The system SHOULD provide the ability to render disclosure events.

AS.2.6#04 SHOULD

The system SHOULD provide the ability to render an accounting of any patient identifiable information disclosed to other providers.

AS.2.6#05 MAY

The system MAY provide the ability to enter, import or receive information that documents the patient's expressed selection of privacy preferences related to the disclosure of information identified by its content type (e.g., related diagnosis or payment method), and a specific purpose.

AS.2.6#06 SHOULD

The system SHOULD provide the ability to manage data visibility based on both privacy policy, and patient's privacy consent.

AS.2.6#07 MAY

The system MAY provide the ability to link to privacy consent management systems to access patients' privacy consent directives and digital certificates.